0x0-messenger

Warn

Audited by Snyk on Mar 4, 2026

Risk Level: MEDIUM

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The README.md and SKILL.md explicitly document an "agent / pipe mode" (c0x0 pipe ...) and public PINs (c0x0 pin new --public) that allow arbitrary peers on the open P2P network to send messages which the agent ingests and can act on (e.g., approval prompts). Untrusted third-party content is therefore read by the agent and can materially influence its behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The web UI's agent export recommends running "npx 0x0-cli pipe …", which will cause npm/npx to fetch and execute the package from the npm registry (e.g. https://registry.npmjs.org/@0x0contact/c0x0) at runtime, meaning remote code would be fetched and executed to control the agent connection.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 4, 2026, 10:04 AM